<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
  <head>
    <title>WebScarab certificates</title>
  </head>
  <body>
  <h1>Creating your own certificates</h1>
  <p>WebScarab reads certificates stored in the PKCS12 format, which can be created
  or converted to by tools such as OpenSSL. PKCS12 is also one of the formats that
  Internet Explorer and Mozilla/Navigator, etc can import and export.</p>
  <p>Since the PKCS12 format requires a password, WebScarab uses a password of 
  "password" (without the quotes). This password is hard-coded into the source of WebScarab.</p>
  <p>Note that this is not an important password, so there is no point in changing it!</p>
  <p>If you decide you want to create your own certificates, for whatever reason,
  here are some instructions for doing so using OpenSSL:</p>
  <p>First create the private key:</p>
  <pre>
  openssl genrsa 1024 &gt; server.key
  </pre>
  <p>Then create the corresponding self-signed certificate:</p>
  <pre>
  openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key &gt; server.crt
  </pre>
  <p>Finally, wrap both the key and the certificate into a PKCS12 formatted file:</p>
  <pre>
  openssl pkcs12 -export -out server.p12 -in server.crt -inkey server.key -name "WebScarab"
  </pre>
  <p>Place the resulting &quot;server.p12&quot; file in the root of the webscarab 
  installation directory, in place of the existing server.p12 file</p>
  <p>Initial support for client certificates exists now, so you should be
  able to do similar operations for the client certificate and keys, 
  calling the file &quot;client.p12&quot;</p>
  <p><b>
  NOTE that WebScarab looks for the certificate and key files IN the 
  webscarab.jar, so you will have to rebuild the jar file with your 
  updated certificate files, otherwise they will not be used!</b></p>
  </body>
  
</html>
